Introduction

Controller's
contact information

Processing Grounds
and Purposes

Retention periods for
personal data

Personal data
protection

Sharing of personal data

Usage of
cookies

User
rights

Changes and
updates

Contact

Privacy statement

Latest update: 26 November 2025

  1. Introduction

The purpose of the Haavi website's (www.haavi.ai) privacy policy is to clearly inform the site's users how their personal data is collected, used, and protected. We adhere to the requirements of the General Data Protection Regulation (GDPR) of the European Union in the processing of personal data.

This policy applies to all our services, such as the use of the website and other related activities. By using our site, you agree that we will process your data in the manner described in this policy. If you do not accept these practices, we ask you not to use our site.

  1. Contact details of the data controller

The controller (i.e., the entity responsible for processing your personal data) is Legit AI Oy, which maintains the Haavi website and service. If you have any questions about this privacy statement, wish to make a data request, or want to exercise any of the aforementioned rights, you can contact us:

→ Email: aku@haavi.ai
→ Contact person: Aku Nikkola (+358 40 571 2966)

You can send all inquiries and requests related to data protection to the above email address. We handle inquiries promptly and confidentially. If necessary, we may request additional information or confirmation of your identity before fulfilling your request to ensure data security and that information is not disclosed to the wrong person.

  1. Data processing bases and purposes of use

We process personal data only for predefined purposes and on legal grounds permitted by GDPR. The most common grounds and purposes for processing personal data on our site are:

Providing the service and managing user accounts: We process your data to offer you the services of the Artificial Intelligence Forum website, such as maintaining your user account, enabling your participation in discussions and publications, and providing customer support. This processing is based on a contract with you or our legitimate interest in ensuring the functionality of the service.

Communication and information: We use contact details to communicate with you. We may send important information about the service, updates to terms of use or privacy policy, or respond to your messages and support requests. Such processing is primarily based on the performance of a contract (e.g., responding to user support) or our legitimate interest in communicating with users interacting with us. If we send you marketing messages or newsletters, we will seek your prior consent, which you can withdraw at any time.

Site development and analytics: Personal data (especially technical information and data collected by cookies) is used to monitor, analyze, and develop the use of our service. This helps us understand how users use the site and improve the site's content, functionalities, and user experience. The basis for processing is then our legitimate interest in developing our online service and ensuring its quality. Analytics is usually conducted in a statistical form, and we do not use it to identify individual users.

Security and prevention of misuse: We may process personal data to secure the site and user information and to prevent fraud, misuse, or breaches of terms of service. For example, log data can be used to investigate faults and detect suspicious login attempts. This processing is based on our legitimate interest in protecting our business and ensuring service security, as well as, if necessary, compliance with legal obligations.

Legal obligations: We also process personal data to fulfill laws and regulations that may apply to us. For example, accounting laws may require the retention of certain transaction data, or we may be obliged to disclose information to authorities under a legal data request. In such cases, the basis for processing is compliance with a legal obligation.

Your personal data will be processed only for the purposes outlined in this statement. We do not use the data for other purposes without your consent. If we intend to process the data for a substantially different purpose in the future, we will inform you in advance and request your consent if necessary.

  1. Retention periods for personal data

Summary: we retain your data only as long as it is necessary and will delete or anonymize it when there is no longer a justified need.

We retain personal data only as long as it is necessary for the purposes described in this statement and for providing the service, or as required by law.

The retention period for personal data may vary depending on the nature and purpose of the data:

User account-related information is retained primarily as long as you have an active user account in the Artificial Intelligence Forum. If you decide to terminate your account or request its deletion, we will delete or anonymize the relevant personal data within a reasonable time, unless we have a justified reason (e.g., legal obligation or dispute resolution) to retain the data longer.

Customer service and communication information (such as emails, support requests) is retained as long as necessary to handle your matters and for any potential further actions. For example, if you have contacted us with a question, we will retain the correspondence at least until your issue is resolved.

Analytics and usage data are generally retained for a shorter period in an identifiable form. We strive to anonymize or aggregate such data if they are desired to be retained longer for statistical purposes.

Legally required retention periods: Some information must be retained for the period required by law. For example, information containing accounting materials may be retained for up to 6 years from the end of the fiscal year according to Finnish accounting legislation.

The user's right to request deletion: You have the right to request the deletion of your personal data at any time (see user rights below). We will fulfill deletion requests without undue delay, provided there is no statutory or other compelling basis for retaining the data. After deletion, if possible, we may retain some basic information (such as email address) to prevent re-registration or ensure that new information is not accidentally stored (e.g., if your email is reused for a newsletter subscription).

  1. Protection of personal data

The security of the personal data you entrust to us is important to us. We use appropriate technical and organizational safeguards to prevent unauthorized access to data, data disclosure, alteration, or destruction. Such security measures include, for example, firewalls and secure server connections, password-protected databases, and data encryption methods when necessary. We also ensure that only persons who need it for their tasks (such as employees or contractors participating in the maintenance of Haavi) can process personal data. They are bound by confidentiality obligations.

Even though we do our best to protect data, it's important to remember that no method of data transmission over the internet or electronic storage is completely infallible. However, we continuously strive to update our data security practices in accordance with the risks.

  1. Sharing of personal data

We do not sell, rent, or otherwise disclose your personal data to third parties for marketing purposes. We share personal data with external parties only in the following situations:

Service Implementation (subcontractors and service providers): We may use reliable third parties to assist us in implementing the service. These may include, for example, website maintenance or hosting service providers, analytics or statistical services (such as Google Analytics), email delivery services for newsletters, or other similar technical service providers. These parties process personal data solely on our behalf and according to our instructions (acting as so-called data processors) and only for the purposes described in this privacy statement. We ensure through contracts that our service providers comply with data protection obligations and adequately protect your data.

Legal Obligations and Court Orders: We may disclose your personal data to authorities or other parties if required by law or if information is demanded from us by a court order. Such situations may include, for example, requests related to criminal investigations or the obligation to disclose information to tax authorities. We disclose information only to the extent required by law and always ensure that the requester has the right to demand such information.

Business Arrangements: If our business is sold, merged with another company, or restructured (e.g., merger, acquisition), your personal data may be transferred as part of the transaction or arrangement. In such cases, we ensure that the data continues to be used for compatible purposes and that appropriate data protection is maintained. We will inform you if your data is to be transferred to another data controller in accordance with this section.

We always strive to minimize sharing with external parties. If personal data is transferred outside the EU/EEA area (for example, if one of our service providers is located or stores data outside the EU), we ensure that there is a legal basis for the transfer and that the level of data protection is adequate (e.g., EU Commission's standard contractual clauses or the recipient's commitment to comply with the EU-U.S. Data Privacy Framework regulations, etc.). We inform users of significant changes in data sharing.

  1. Use of cookies

We use cookies and similar tracking technologies on our site to enhance the user experience, analyze site usage, and provide a smoother service. Cookies are small text files that are stored on your device when you visit websites.

Below we explain how we use cookies:

Essential cookies: Some cookies are necessary for the operation of our site. They enable basic functions like logging in and ensure the security of the site. Without these cookies, the site may not function properly. These include the essential cookies of the Framer site, more information about which can be found here.

Functional cookies: We use cookies to remember your choices and settings (such as language selection or other preferences), to make the site more seamless and personalized for you.

Analytics cookies: With cookies, we collect information on how users use our site. For example, we can get information about page loads, visit duration, and where users come from to the site. This information is used to improve the service. We may use third-party analytics tools, such as Google Analytics, which set their own cookies to collect anonymized information about user numbers and behavior. These third parties may thus receive some technical information about your visit. However, we do not directly disclose your personal information to them, and they use the data according to their own privacy policies.

Marketing and targeting cookies (if necessary): If content or ads are displayed on our site that we want to tailor to the user, targeting cookies may be used. These cookies collect information about your browsing habits so we can show content that matches your interests. Currently, the AI Forum may not utilize external ad cookies, but we reserve the right to add such functionalities in the future, in which case we will update this statement.

Managing cookies: When you arrive at the site, you are requested to accept the use of cookies via a cookie banner. You can manage cookie settings at any time through your browser settings. In the browser settings, you can block cookies completely or delete already set cookies. However, please note that blocking cookies may affect the functionality of the site; for example, logging in or certain functionalities may not work without cookies.

The use of other tracking technologies (such as pixel tags or local storage) is possible for similar purposes. In all cases where we use such technologies, we strive to protect your privacy and use the data for the purposes described in this statement.

For more information about cookies and their management, please contact us if needed: aku@haavi.ai.

  1. User rights

As a user, you have privacy rights to influence the processing of your personal data. We offer you all the rights according to GDPR, and you can exercise them at any time by contacting us (toimitus@tekoalyfoorumi.fi). Here is a summary of your key rights:

Right of access: You have the right to confirm whether we are processing personal data about you and the right to request a copy of the personal data we have stored. Upon your request, you will receive a copy of your own data in written or electronic form.

Right to rectification: If you notice that the personal data concerning you is incorrect or incomplete, you have the right to request the correction or completion of this data. We want to keep your information up to date, so we will correct mistakes promptly after learning about them.

Right to erasure ("right to be forgotten"): In certain situations, you have the right to request the deletion of your personal data from our records. For instance, you can request deletion if the data is no longer needed for the purpose for which it was collected or if you withdraw your consent and there is no other legal basis for processing. We will delete the requested data without undue delay unless we have compelling reasons to continue processing (e.g., a legal obligation).

Restriction of processing: You have the right to request the restriction of processing your personal data in certain situations. This means we will store the data but not process it otherwise without your consent. You can make such a request, for example, if you dispute the accuracy of the data (processing is limited for the time it takes us to ensure their accuracy) or if you consider the processing unlawful but do not want the data to be erased.

Right to object: You have the right to object to the processing of your personal data based on your particular personal situation, when the processing is based on a legitimate interest. Additionally, you always have the right to object to processing for direct marketing purposes. If you make an objection request, we will no longer process your data for the objected purpose unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms or unless it is necessary for the establishment, exercise, or defense of legal claims.

Right to data portability: To the extent that you have provided us with data that we process based on your consent or a contract in an automated manner, you have the right to receive such data in a structured, commonly used, and machine-readable format, and the right to transfer them to another data controller. In other words, upon your request, we can transfer (or allow you to transfer) certain data directly to your designated party if technically feasible.

Right to withdraw consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we will not continue processing your data based on that consent.

Right to lodge a complaint with a supervisory authority: If you believe that we have processed your personal data contrary to data protection regulations, you have the right to lodge a complaint with the competent data protection authority. In Finland, the supervisory authority is the Data Protection Ombudsman. However, we gratefully welcome feedback directly from you and strive to resolve any issues in good cooperation.

You can exercise the above-mentioned rights by contacting us. Requests are responded to without undue delay, at the latest within the time required by law (usually within a month). Please note that before carrying out requests, we need to verify your identity to protect your data from misuse.

  1. Privacy statement changes and updates

We are constantly developing our service, and we may occasionally update this privacy policy to align with changing practices, legislation, or features of our service. Therefore, we recommend that users regularly check the contents of this policy to stay updated.

If we make significant changes to this privacy policy, we will inform users in an appropriate manner. For example, we can publish a notice on our website or send an email if the changes are significant and you have a user account or have otherwise provided your contact information for this purpose. The latest update date is shown at the beginning of the policy, where you can see when changes were last made.

By continuing to use our site after updates to the privacy policy, we consider you to have accepted the updated terms. If you do not accept the changed policy, you can always stop using our site and request us to delete your data.

Last updated: November 26, 2025.

  1. Contact

If you have any questions regarding this privacy statement, Haavi's data security, or other issues related to Haavi, feel free to contact us:

Aku Nikkola, Founder
aku@haavi.ai